There are three mistakes that are most commonly made by businesses – and they’re also some of the most dangerous mistakes to make.
Is your business making any of these?
Mistake 1) Not restricting access
Different employees will have different needs when accessing company files and applications. If you allow everyone access to everything it opens up your entire network to criminals.
You should also make sure to change access rights when someone changes roles, and revoke them when they leave.
Mistake 2) Allowing lateral movement
If cyber criminals gain access to a computer used by a member of your admin team, that in itself might not be a disaster.
But what if they could move from your admin system to your invoicing system… and from there to your CRM… and then into someone’s email account?
This is known as lateral movement. The criminals gain access to one system and work their way into more sensitive systems.
If they can get into the email of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.
Scary stuff.
One strategy against this is called air gapping. It means that there’s no direct access from one part of your network to another.
Mistake 3) Not planning and protecting
Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place.
And will be back on their feet faster if the worst does happen.
You should also have an up-to-date plan in place that details what to do, should an attack happen.
This will significantly shorten the amount of time it takes to respond to an attack. That means you’ll limit your data loss and the cost of putting things right again.
If you know you’re making one (two, or even three) of these mistakes in your business, you need to act quickly. We can help.
Call us, and we’ll review your current security arrangements.